OPNsense Forum

English Forums => General Discussion => Topic started by: opnsense@dkeith.com on November 23, 2023, 08:13:55 PM

Title: VXLAN setup
Post by: opnsense@dkeith.com on November 23, 2023, 08:13:55 PM
OK, I have tried and not got very far. I have not found any documentation on how to implement this on OPNsense.

As a starter I have working L3. I can ping between the PCs:
[PC 192.168.1.2]-192.168.1.1/24-LAN[opnsense A]-{10.1.1.1 ipsec tunnel}-INTERNET-{10.1.1.2 ipsec tunnel}-[opnsense B]LAN-192.168.2.1/24-[PC 192.168.2.2]

I'm looking to use VXLAN to extend a layer 2 network from Site A to Site B:
[PC 192.168.1.2]-192.168.1.0/24-VxLAN[opnsense A]-{10.1.1.1 ipsec tunnel}-INTERNET-{10.1.1.2 ipsec tunnel}-[opnsense B]VxLAN-192.168.1.0/24-[PC 192.168.1.3]

I am using a bridge for [LAN and VXLAN].
I'm using the IP address of the IPsec tunnel for VXLAN.

Has anyone got a guide on setup?

thanks
Title: Re: VXLAN setup
Post by: lilsense on November 23, 2023, 11:19:11 PM
Have you looked at this post:
https://forum.opnsense.org/index.php?topic=36205.0

Title: Re: VXLAN setup
Post by: opnsense@dkeith.com on November 24, 2023, 01:01:56 PM
I have looked at that post numerous times. :(

Does the VXLAN need an IP address, and if so in what subnet? I'm assuming not, as it should be an L2 tunnel?
How is the VXLAN connected to the physical port on the firewall? Do I use a bridge?

At some point there will need to be an interface with an address to allow external connectivity in/out of the L2 VXLAN network.
Would CARP be available?

As a known starter position I can use https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route.html
How can the network have VXLAN overlaid to have the Site B PC be in the same L2 network as the Site A PC?

Title: Re: VXLAN setup
Post by: opnsense@dkeith.com on November 24, 2023, 05:38:57 PM
Think I have cracked it.
Will write up the notes, but let's just blame VMware port security stuff in the meantime.
Title: Re: VXLAN setup
Post by: opnsense@dkeith.com on November 28, 2023, 10:44:53 AM
1. If doing this on VMware, check the port security on the ports connecting to the firewall.
2. The OPT1 physical interface will be used for the VXLAN connection.


Router A
Add interface > Other types > VXLAN
VNI = 1
Source address = local L3 interface facing Router B
Remote address = remote L3 interface on Router B

Interface > Assignments
Add OPT1 (where the L2 network will connect)
Add the new VXLAN interface.

Interface > VXLAN
Enable Interface
No IP address

Interface > OPT1
Enable Interface
No IP address

Add interface > Other types > Bridge
Members = OPT1 + VXLAN

Interface > Assignments
Add Bridge

Interface > Bridge
Enable Interface
Add the L3 gateway IP address for the L2 subnet here.

System > Tunables
net.link.bridge.pfil_bridge (set to 1 to enable filtering on the bridge interface) = 1
net.link.bridge.pfil_member (set to 0 to disable filtering on the incoming and outgoing member interfaces) = 0

REBOOT!!!!!!!

Firewall Rules > Bridge
Do the firewall rules here :)

Repeat for Router B.
Swap the IP addresses on the VXLAN device.

If it is not working, check the device that you are plugging the firewall into for security at layer 2, e.g. VMware port security.
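The write-up above configures a VXLAN tunnel with VNI 1 between the two IPsec endpoints and bridges it to OPT1. The following is an added example, not code from the thread or from OPNsense, showing what that tunnel actually puts on the wire: the 8-byte VXLAN header from RFC 7348 in front of the inner Ethernet frame, sent as UDP to port 4789, and the checks a receiving VXLAN endpoint applies before handing the inner frame to the bridge (correct port, the configured peer address, the I flag set, and a VNI that matches). The VNI and the 10.1.1.1/10.1.1.2 endpoint addresses are taken from the post; the MAC addresses and the inner payload are constructed for the example.

```python
"""VXLAN (RFC 7348) encapsulation and decapsulation with the checks a
receiving endpoint applies. Added example; VNI and endpoint addresses are
the ones from the forum post, MACs and payload are constructed."""
import struct

VXLAN_UDP_PORT = 4789   # IANA-assigned VXLAN port
VXLAN_FLAG_I = 0x08     # "I" flag: the VNI field is valid
HEADER_LEN = 8          # flags(8) + reserved(24) + VNI(24) + reserved(8) bits

# Values from the post: VNI 1, tunnel endpoints on the IPsec-side addresses.
LOCAL_VTEP = "10.1.1.1"
REMOTE_VTEP = "10.1.1.2"
VNI = 1


def mac_bytes(mac: str) -> bytes:
    """'02:00:00:00:00:02' -> 6 raw bytes."""
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_str(raw: bytes) -> str:
    """6 raw bytes -> 'aa:bb:cc:dd:ee:ff'."""
    return ":".join(f"{b:02x}" for b in raw)


def build_ethernet(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Inner (to-be-encapsulated) Ethernet II frame."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def encapsulate(inner_frame: bytes, vni: int) -> bytes:
    """Prepend the VXLAN header; the result is the UDP payload sent to port 4789."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    # word 0: flags in the top byte (I set), 24 reserved bits
    # word 1: VNI in the top 24 bits, 8 reserved bits
    header = struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)
    return header + inner_frame


def decapsulate(outer_src_ip: str, udp_dst_port: int, udp_payload: bytes,
                expected_remote: str = REMOTE_VTEP, expected_vni: int = VNI) -> dict:
    """Validate and strip the VXLAN header, returning the inner frame fields.

    Raises ValueError for anything a VXLAN endpoint should drop: wrong UDP
    port, a peer other than the configured remote, a truncated packet, the I
    flag clear, or a VNI that is not the configured one.
    """
    if udp_dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"not VXLAN: UDP port {udp_dst_port}")
    if outer_src_ip != expected_remote:
        raise ValueError(f"unexpected VXLAN peer {outer_src_ip}")
    if len(udp_payload) < HEADER_LEN + 14:   # header plus a minimal Ethernet header
        raise ValueError("truncated VXLAN packet")
    word0, word1 = struct.unpack("!II", udp_payload[:HEADER_LEN])
    flags = word0 >> 24
    if not flags & VXLAN_FLAG_I:
        raise ValueError("I flag clear: VNI field not valid")
    vni = word1 >> 8
    if vni != expected_vni:
        raise ValueError(f"VNI {vni} does not match configured VNI {expected_vni}")
    inner = udp_payload[HEADER_LEN:]
    return {
        "vni": vni,
        "dst_mac": mac_str(inner[0:6]),
        "src_mac": mac_str(inner[6:12]),
        "ethertype": struct.unpack("!H", inner[12:14])[0],
        "payload": inner[14:],
    }


def demo() -> dict:
    """Round trip: a frame from the Site A PC is encapsulated by Router A and
    decapsulated by Router B. Inner payload is a constructed placeholder."""
    inner = build_ethernet("02:00:00:00:00:03", "02:00:00:00:00:02", 0x0800,
                           b"<constructed IPv4 packet 192.168.1.2 -> 192.168.1.3>")
    on_the_wire = encapsulate(inner, VNI)
    # Router B sees the packet arrive from Router A's endpoint address.
    return decapsulate(LOCAL_VTEP, VXLAN_UDP_PORT, on_the_wire,
                       expected_remote=LOCAL_VTEP, expected_vni=VNI)


if __name__ == "__main__":
    print(demo())
```

Note that nothing in the VXLAN header authenticates or encrypts the inner frame; the peer-address and VNI checks only filter, they do not prove who sent the packet. In the setup from the post that protection comes from running the tunnel over the IPsec addresses, which is why the source and remote addresses are the tunnel-side ones rather than public ones.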